The growth in regulation has made compliance part of business as usual for companies and most in-house legal departments are fully occupied with the day to day.
Keeping one eye on the horizon for new regulations and then managing the organisation to introduce necessary changes is no small challenge. Failure to properly evaluate the exposure to new regulatory risk and implement required changes can, at a minimum, damage the legal team’s reputation and, at worst, cause a serious crisis for the business.
Rachel Cropper Mawer, a partner at DAC Beachcroft, in conversation with Karen Lawrie, general counsel at AET Tankers, considers what can be done to add value to the ordinary, more routine parts of the job and create space for the career-high events.
The principle of corporate liability and individual accountability is becoming embedded in new law and regulation across a broad spectrum of risks areas. Organisations are expected to provide demonstrable evidence of adequate prevention procedures. This puts increased pressure on already stretched resources of legal teams whose job it is to identify these requirements and persuade the business to buy-in to the changes that need to be made. Keeping informed about legal developments relevant to the business can be challenging on top of the business-as-usual duties of an in-house legal team. Often GCs rely on external legal resources to bring new legislation to their attention and to break down what companies need to do to be compliant.
Getting project funding beyond the budget can be challenging for in-house counsel. Larger organisations may have the finance and resource to set up dedicated project teams and committees, but what can smaller organisations do to get beyond the assessment stage of each new regulation.
Karen Lawrie: ‘The business relies on legal to significantly narrow the issues to what is relevant before bringing it to the business. To an extent it is a sales job. It is essential to make sure that the right people in the executive buy in to the relevance of the changes necessary before taking them to the business coal-face. Raising issues or driving changes in the business practices on a risk basis is key to both credibility and managing the impact of change.’
The observation from a GC in the financial sector was that: ‘There is definitely an opportunity for external counsel/auditors to prompt board and senior management attention on regulatory and legislative change and pick up work in so doing. Independent directors are often proactive in identifying regulatory issues and where independent directors have alternative directorships/careers or are attending courses and conferences on governance issues the feedback has generally been useful.’
Part of the answer lies in collaboration with other departments and pro-active measures. Much as other functions might like to pass on responsibility, the in-house legal team shouldn’t own risks per se. Objective and robust challenge requires a certain distance from the running of the business. This is sometimes a luxury available in larger organisations; in smaller companies legal often have to roll up their sleeves.
The head of legal, financial services from a niche bank noted that: ‘Once an issue is identified the challenge is to ensure that there is internal ownership and resources are allocated. GDPR is a good example of a project that needs multiple departments co-operating but that then carries a risk of ownership and project management being diffuse. In general if the matter is capable of being resolved solely by legal or compliance then the temptation is for management to take that route. As an observation, the requirement for risk assessments and audits is burdensome on an organization but is helpful to legal departments as it forces involvement, awareness and often ownership from the wider business rather than allowing projects to be dropped on legal departments as documentation exercises close to or past deadline.’
Commitment at the top level provides a solid foundation for action and a strong connection to the CEO is critical. In a survey DAC Beachcroft ran with The In-House Lawyer, ‘Managing Risk: The In-House View’, 64% of respondents said they had good relationships with the CEO, meeting at least once a month. A concerning 12% though never met the CEO or equivalent.
Karen Lawrie: ‘The buy-in of the CEO is key in ensuring that legal issues are backed when they get to the business. Access to the board is often through the company secretary role rather than having a legal seat at the table and so making sure the CEO is well briefed is vital. A place on the board for the GC may come over time depending on whether the GC wins the trust of the board.’
In financial services it is a widely held view that the level of regulatory enforcement and personal accountability on senior staff in financial institutions is now at a point where it is relatively easy to convince staff to formally address legislative issues. The difficulty is in implementing projects and allocating staff time rather than securing management support.
In more complicated business structure it can be necessary for group-wide change. Indeed when regulations have extra-judicial reach or implications, it can mean that parents or subsidiaries in foreign jurisdictions also have to react to new legislation and regulation in the UK. Building strong relationships with legal counterparts in these businesses is important but sometimes it is better for the CEO to escalate issues to the parent or other subsidiaries. Mindful always of optics and regulatory expectation, this is also a good way for the business to demonstrate buy in to change and tone from the top. Karen’s view is that giving the CEO the background and tools to have those conversations is key to winning over the business and the group to change.
Good relationships with the commercial teams, sales and procurement are essential in managing operational risks but it is not unusual to find that these may have been a little strained in the past. Difficult contract negotiations for example or procurement’s involvement in legal supplier selection can dent inter-departmental harmony.
Karen Lawrie: ‘Procurement presents real legal exposure for companies. Time pressure limits the opportunity for interaction and regulatory change can be a good opportunity to build those bridges in the course of making sure our contracts are compliant with new legal requirements.’
It is easy to say, but time invested in going beyond protocols and business-as-usual can pay dividends with internal relationships, the reputation of the legal team and the impact that it has on the management of risk in by the business.
Rachel Cropper-Mawer is a dispute resolution partner in DAC Beachcroft’s London Minster Court office.
- Get your value-add from your external advisers. Make it part of their role to alert you to regulatory change in relevant geographical jurisdictions.
- Make use of regulatory training run by external firms and industry bodies.
- Build a network of other general counsel to give you an alternative view.
- Utilise your relationships with the business to make sure any changes that have to be made are fit for purpose.
- See projects as a means to build buy-in from the key business leaders and the CEO.